Versions (5)
Version DetailsCurrent
Rev: 13 • Jul 30, 2010, 12:00 PMET HUNTING Suspicious FTP 220 Banner on Local Port (-)
alert ftp $HOME_NET [0:20,22:24,26:118,120:138,140:444,446:464,466:586,588:901,903:1432,1434:65535] -> any any (msg:"ET HUNTING Suspicious FTP 220 Banner on Local Port (-)"; flow:from_server,established; content:"220-"; depth:4; classtype:non-standard-protocol; sid:2003055; rev:13; metadata:created_at 2010_07_30, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Jul 30, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 13, 2025, 9:34 PM
rules/emerging-hunting.rules